Re: [PATCH] x86/shstk: Provide kernel command line knob to disable

Next message: Leo Yan: "[PATCH v2 2/3] perf expr: Add '\n' in literal parse errors"
Previous message: Leo Yan: "[PATCH v2 0/3] perf metricgroup: Fix segmentation fault and refine logs"
In reply to: Mathias Krause: "Re: [PATCH] x86/shstk: Provide kernel command line knob to disable"
Next in thread: Edgecombe, Rick P: "Re: [PATCH] x86/shstk: Provide kernel command line knob to disable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Zijlstra

Date: Thu Apr 02 2026 - 12:10:46 EST

On Thu, Apr 02, 2026 at 05:59:46PM +0200, Mathias Krause wrote:
> On 02.04.26 17:54, Peter Zijlstra wrote:
> > On Thu, Apr 02, 2026 at 05:44:05PM +0200, Mathias Krause wrote:
> >> Provide a kernel command line option 'shstk=off' to disable CET shadow
> >> stacks, much like 'ibt=off' can be used to disable CET IBT.
> >>
> >> With both set to off, it avoids setting CR4.CET on capable hardware to
> >> allow debugging related issues during early boot.
> >
> > Why though?
>
> I ran into related issues three times in the past now, where the lack of
> early exception handling and the lack of a knob to disable CR4.CET=1
> enabling made debugging this a real PITA. Now, with QEMU having gained
> CET virtualization support, that may be less of an issue.

Ah, I wrote the kernel IBT code using a host/qemu patched with very
early versions of those patches. It did indeed take ages for that stuff
to land upstream.

> However, in at least one case the UEFI firmware was involved and I had
> to test&debug on bare metal. Having such a knob allows ruling out or
> pin-pointing CET as the cause more easily.

Fair enough, although this should probably have made it in the
Changelog.

Other than that,

Acked-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>